Windows Analysis Report
fxc.exe

Overview

General Information

Sample name: fxc.exe
Analysis ID: 1541091
MD5: 0b1904602a90ed190066095f29a3f92a
SHA1: f0a25529b0d0aabce9d72ba46aaf1c78c5b48c31
SHA256: 6e349195bdc65a1964367317ba14b905440d75398c3fbb1911c3400082d7f149
Tags: exeMDeployeruser-smica83
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
AV process strings found (often used to terminate AV products)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
One or more processes crash
PE file contains sections with non-standard names
Uses Microsoft's Enhanced Cryptographic Provider

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: fxc.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: fxc.exe ReversingLabs: Detection: 52%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 98.0% probability
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC212410 BCryptGenRandom,GetCurrentProcessId,BCryptGenRandom,HeapFree,CreateNamedPipeW,GetLastError,BCryptGenRandom,BCryptGenRandom,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle,HeapFree,BCryptGenRandom,HeapFree, 0_2_00007FF7BC212410
Source: fxc.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC2085E0 GetFileInformationByHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,FindFirstFileW,FindClose,HeapFree, 0_2_00007FF7BC2085E0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC21EF88 FindFirstFileExW, 0_2_00007FF7BC21EF88
Source: Amcache.hve.3.dr String found in binary or memory: http://upx.sf.net
Contains functionality to call native functions
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1F1D30 HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle,CloseHandle,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle, 0_2_00007FF7BC1F1D30
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC200230 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError, 0_2_00007FF7BC200230
Creates files inside the system directory
Source: C:\Users\user\Desktop\fxc.exe File created: C:\Windows\Debug\fail.txt Jump to behavior
Source: C:\Users\user\Desktop\fxc.exe File created: C:\Windows\Debug\stop.exe Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1F1D30 0_2_00007FF7BC1F1D30
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1F12D0 0_2_00007FF7BC1F12D0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC201B10 0_2_00007FF7BC201B10
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC209420 0_2_00007FF7BC209420
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC203D40 0_2_00007FF7BC203D40
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1F7520 0_2_00007FF7BC1F7520
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1FD590 0_2_00007FF7BC1FD590
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1F8590 0_2_00007FF7BC1F8590
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1F6D90 0_2_00007FF7BC1F6D90
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC226558 0_2_00007FF7BC226558
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC21D5F4 0_2_00007FF7BC21D5F4
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC211E40 0_2_00007FF7BC211E40
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC2046C0 0_2_00007FF7BC2046C0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC21EF88 0_2_00007FF7BC21EF88
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC200790 0_2_00007FF7BC200790
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC2097A0 0_2_00007FF7BC2097A0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC202FE0 0_2_00007FF7BC202FE0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC215870 0_2_00007FF7BC215870
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC211207 0_2_00007FF7BC211207
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1FB1F0 0_2_00007FF7BC1FB1F0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC210A20 0_2_00007FF7BC210A20
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1F2B10 0_2_00007FF7BC1F2B10
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC1F4350 0_2_00007FF7BC1F4350
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC210BD0 0_2_00007FF7BC210BD0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC203400 0_2_00007FF7BC203400
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC212410 0_2_00007FF7BC212410
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC2233FC 0_2_00007FF7BC2233FC
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC20EC90 0_2_00007FF7BC20EC90
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC206C60 0_2_00007FF7BC206C60
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\fxc.exe Code function: String function: 00007FF7BC1F48E0 appears 81 times
One or more processes crash
Source: C:\Users\user\Desktop\fxc.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7312 -s 232
Source: classification engine Classification label: mal60.winEXE@3/7@0/0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC201B10 GetModuleHandleW,FormatMessageW,GetLastError,HeapFree,HeapFree, 0_2_00007FF7BC201B10
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7312
Source: C:\Windows\System32\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\e17b0cfc-ae68-4569-b6fd-0a48457ca425 Jump to behavior
Source: fxc.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\fxc.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: fxc.exe ReversingLabs: Detection: 52%
Source: unknown Process created: C:\Users\user\Desktop\fxc.exe "C:\Users\user\Desktop\fxc.exe"
Source: C:\Users\user\Desktop\fxc.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7312 -s 232
Source: C:\Users\user\Desktop\fxc.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\fxc.exe Section loaded: cryptbase.dll Jump to behavior
Source: fxc.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: fxc.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: fxc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC215870 SetLastError,GetCurrentDirectoryW,GetLastError,GetLastError,HeapFree,RtlCaptureContext,RtlLookupFunctionEntry,GetCurrentProcessId,CreateMutexA,CloseHandle,WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,ReleaseMutex,RtlVirtualUnwind,HeapFree,GetLastError,HeapFree,HeapFree, 0_2_00007FF7BC215870
PE file contains sections with non-standard names
Source: fxc.exe Static PE information: section name: _RDATA
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\fxc.exe API coverage: 3.6 %
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC2085E0 GetFileInformationByHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,FindFirstFileW,FindClose,HeapFree, 0_2_00007FF7BC2085E0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC21EF88 FindFirstFileExW, 0_2_00007FF7BC21EF88
Source: Amcache.hve.3.dr Binary or memory string: VMware
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.3.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.3.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.3.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.3.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.3.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.3.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr Binary or memory string: vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.3.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.3.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.3.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr Binary or memory string: VMware20,1
Source: Amcache.hve.3.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.3.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.3.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.3.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.3.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.3.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.3.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.3.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.3.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC21E54C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7BC21E54C
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC215870 SetLastError,GetCurrentDirectoryW,GetLastError,GetLastError,HeapFree,RtlCaptureContext,RtlLookupFunctionEntry,GetCurrentProcessId,CreateMutexA,CloseHandle,WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,ReleaseMutex,RtlVirtualUnwind,HeapFree,GetLastError,HeapFree,HeapFree, 0_2_00007FF7BC215870
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC221F64 GetProcessHeap, 0_2_00007FF7BC221F64
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC21E54C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7BC21E54C
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC218F70 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7BC218F70
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC219118 SetUnhandledExceptionFilter, 0_2_00007FF7BC219118
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC226ADC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7BC226ADC
Source: C:\Users\user\Desktop\fxc.exe Memory allocated: page read and write | page guard Jump to behavior
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC2263A0 cpuid 0_2_00007FF7BC2263A0
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC212410 BCryptGenRandom,GetCurrentProcessId,BCryptGenRandom,HeapFree,CreateNamedPipeW,GetLastError,BCryptGenRandom,BCryptGenRandom,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle,HeapFree,BCryptGenRandom,HeapFree, 0_2_00007FF7BC212410
Source: C:\Users\user\Desktop\fxc.exe Code function: 0_2_00007FF7BC218E4C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF7BC218E4C
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.3.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.3.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.3.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.3.dr Binary or memory string: MsMpEng.exe
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1541091 Sample: fxc.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 60 13 Antivirus / Scanner detection for submitted sample 2->13 15 Multi AV Scanner detection for submitted file 2->15 17 AI detected suspicious sample 2->17 6 fxc.exe 2 2->6         started        process3 process4 8 WerFault.exe 19 16 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Unicode 8->11 dropped
No contacted IP infos